Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'OhZExF3MVU3K ' = '"%APPDATA%\Roaming\OhZExF3MVU3K\OhZExF3MVU3K.exe"'
- '%WINDIR%\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe' /OhZExF3MVU3K /%APPDATA%\Roaming\OhZExF3MVU3K\OhZExF3MVU3K.exe
- '%WINDIR%\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe'
- %WINDIR%\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
- %APPDATA%\Roaming\OhZExF3MVU3K\OhZExF3MVU3K.xml
- %APPDATA%\Roaming\OhZExF3MVU3K\OhZExF3MVU3K.xml в %APPDATA%\Roaming\OhZExF3MVU3K\OhZExF3MVU3K.exe
- DNS ASK dn#.##ftncsi.com
- DNS ASK eg####nted.ddns.net
- ClassName: 'Indicator' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''